This is your Dragon's Code: America Under Cyber Siege podcast.
You wouldn’t believe the scene in my inbox these past few days—alerts, threat intelligence, panicked requests from lawyers and sysadmins alike. Welcome to Dragon’s Code: America Under Cyber Siege. I’m Ting, and if anyone’s been having a busier week than the US Cybersecurity and Infrastructure Security Agency, it’s me.
Let’s cut to the breach—literally. The talk of the week is Brickstorm, a malware so slippery that even seasoned threat hunters at Mandiant and Google’s Threat Intelligence Group are calling it “next-level.” The culprits? Highly sophisticated Chinese hacking crews, with UNC5221 and Silk Typhoon taking lead roles. These attackers have wormed their way into tech firms, legal organizations—heck, even the software-as-a-service providers who help keep America ticking. But what tips Brickstorm into cyber legend status is its ability to hang around in a compromised system for over a year without anyone noticing. That’s right—400 days on average before detection, the hacker’s equivalent of squatting in your server room, eating all your digital snacks, and redecorating [CyberScoop, Mandiant].
What’s their favorite methodology? Go straight for the perimeter and remote access infrastructure: think Ivanti VPN appliances, VMware vCenter virtualization servers, and edge devices that are notoriously hard to monitor. For initial access, they love exploiting zero-day vulnerabilities—flaws nobody’s patched because nobody even knows they exist. Once inside, the adversaries upload web shells like China Chopper, set up scripts for persistent access, and pull off lateral moves to web servers and SQL databases. They cloak these hops with different IPs and unique malware hashes every time. My favorite detail: they even clean up their digital fingerprints—delete logs, swap credentials, the whole spy movie routine [Google, CISA].
Attribution in cyber is always a slippery sport, but security analysts like Charles Carmakal at Mandiant aren’t shy. UNC5221 has been the most persistent Chinese cyber adversary in the States for years. Silk Typhoon, meanwhile, is infamous for hacking everything from legal emails to federal infrastructure. And the newcomer, RedNovember—a group that just graduated from “activity cluster” to full-fledged headline-maker—has targeted at least two US defense contractors using open-source tools like Pantegana and Spark RAT, plus off-the-shelf tools like Cobalt Strike. All of these facilitate stealthy, modular attacks while muddying the trail for investigators [Recorded Future, The Hacker News].
What’s the government done? The FBI’s running point, coordinating with software vendors and urging organizations to use new detection tools. Over at CISA, lessons learned from a recent GeoServer exploit highlight some classic failures: missed endpoint alerts, poor log retention, and the eternal mistake of not bringing in third-party experts fast enough. In response, agencies are ramping up patch velocity, investing in persistent endpoint detection and response (EDR), and even deploying new forensics playbooks sourced from both government and private-sector experts. But there’s consensus, as John Hultquist at Google’s Threat Intelligence Group summed it up: “We’re only going to learn more over time as victims retrospectively uncover years-old compromises.”
Here’s my expert takeaway: The Chinese threat actors are evolving, swapping bespoke malware for off-the-shelf tools, exploiting edge devices everyone ignores, and using patience as their weapon. Cyber responders have to get more proactive—hunt, patch, and educate, or else these digital dragons will keep flying circles around legacy defenses.
Thanks for tuning in, my cyber-savvy listeners. Don’t forget to subscribe for more tales from the frontlines of digital geopolitics. This has been a Quiet Please production; for more, check out quietplease.ai.
This content was created in partnership with, and with the help of, artificial intelligence (AI).